
Tag

#mac

Why you should act like your CEO’s password is “querty”

We take a look at reports that CEOs and other executives are using weak passwords in their daily dealings. How do we fix this?

Malwarebytes
Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap

To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.

CVE-2022-30887: Pharmacy Management System 1.0 Shell Upload ≈ Packet Storm

Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.

New Open Source Project Brings Consistent Identity Access to Multicloud

Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.

CVE-2022-31215: Remote Support Software for Desktop Support & Systems Management

In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11.

Cytrox's Predator Spyware Target Android Users with Zero-Day Exploits

Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched

Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines

A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression." Typosquatting attacks take place when an adversary mimics the name of a popular package on a public registry in hopes that developers